CVE-2022-25901

Published: 18 Jan 2023
Source: redhat
CVSS3: 7.5

Description

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.

A Regular Expression Denial of Service (ReDoS) vulnerability was found in cookiejar via the Cookie.parse function and other aspects of the API, which use an insecure regular expression for parsing cookie values. Applications could be stalled for extended periods of time if untrusted input is passed as cookie values or parsed from request headers.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Affected | | |
| Red Hat Enterprise Linux 6 | firefox | Not affected | | |
| Red Hat Enterprise Linux 7 | firefox | Not affected | | |
| Red Hat Enterprise Linux 7 | thunderbird | Not affected | | |
| Red Hat Enterprise Linux 8 | firefox | Not affected | | |
| Red Hat Enterprise Linux 8 | firefox:flatpak/firefox | Not affected | | |
| Red Hat Enterprise Linux 8 | mozjs60 | Not affected | | |
| Red Hat Enterprise Linux 8 | thunderbird | Not affected | | |
| Red Hat Enterprise Linux 8 | thunderbird:flatpak/thunderbird | Not affected | | |
| Red Hat Enterprise Linux 9 | firefox | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-1333
https://bugzilla.redhat.com/show_bug.cgi?id=2161901 (cookiejar: Regular Expression Denial of Service (ReDoS))

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 3 years ago

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.

CVSS3: 5.3
nvd
about 3 years ago

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.

CVSS3: 5.3
debian
about 3 years ago

Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...

CVSS3: 5.3
github
about 3 years ago

cookiejar Regular Expression Denial of Service via Cookie.parse function

CVSS3: 5.3
fstec
almost 4 years ago

Vulnerability in the Cookie.parse() function of the CookieJar library that allows an attacker to cause a denial of service
